Patch Tuesday: Microsoft Security Bulletin Summary for August 2017

Microsoft's August 2017 Patch Tuesday addresses 48 security vulnerabilities in six of its main product categories. Among these, 25 CVEs are rated as Critical, 21 are rated as Important and 2 are rated as Moderate.

More than two dozen remote code execution vulnerabilities are addressed in the August 2017 security update. Among the vulnerabilities fixed this month, two became public before the patch was released. The first is CVE-2017-8627 (Windows Subsystem for Linux Denial of Service Vulnerability), which is related to how Windows Subsystem for Linux improperly handles objects in memory. On successful exploitation, it allows an attacker to cause a denial of service against the local system. The second is CVE-2017-8633 (Windows Error Reporting Elevation of Privilege Vulnerability), which is related to Windows Error Reporting (WER). On successful exploitation, it allows an attacker to gain greater access to sensitive information and system functionality. Microsoft did not detect either of these vulnerabilities being used in live attacks.

The SMBLoris DoS vulnerability was revealed at the July DEFCON conference. It affects all versions of SMB and is a remote, uncredentialed denial of service vulnerability. It affects all modern versions of Windows, at least from Windows 2000 through Windows 10. Systems remain vulnerable even if all versions of SMB (v1, v2, and v3) are disabled. It is caused by a 20+ year old vulnerability in the SMB network protocol implementation. Microsoft said it would not provide a patch this time, as the vulnerability needs to be attacked over the internet and the SMB port should already be firewalled. Hence a patch will be provided in the upcoming days.

The most critical remote code execution vulnerability is due to the way Windows Search handles objects in memory. “An attacker who successfully exploited this vulnerability could take control of the affected system”. Exploitation of this vulnerability requires an attacker to send specially crafted messages to the Windows Search service.

Another important remote code execution vulnerability is related to Windows Hyper-V. It exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker needs to run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

This is the first time that some CVEs have been patched in the Linux Subsystem under Windows. These are CVE-2017-8622 (Windows Subsystem for Linux Elevation of Privilege Vulnerability) and CVE-2017-8627 (Windows Subsystem for Linux Denial of Service Vulnerability).

The August security release consists of security updates for the following software: